To end user session and disable user from using a back button to go back to secure page, you need two pages i simply named killsession.aspx and logout.aspx. I will explain both pages with code behind and markup code.
killsession.aspx
killsession.aspx (markup code)
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title> </head> <body> <form id="form1" runat="server"> <div> <div> </form> </body> </html>
killsession.aspx.vb (code behind)
Partial Class Close_Session Inherits System.Web.UI.Page Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Session.Clear() Session.Abandon() Session.Remove("Name") Response.Redirect("logout.aspx") End Sub End Class
logout.aspx
logout.aspx (markup code)<%@ Page Language="VB" AutoEventWireup="false" CodeFile="logout.aspx.vb" Inherits="logout" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title> <script language="javascript"> //disable user from going back // function doLogout() { history.go(+1) } </script> </head> <body> <form id="form1" runat="server"> <div> </div> </form> </body> </html>
logout.aspx.vb (code behind)Partial Class logout Inherits System.Web.UI.Page Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load 'fire-up java code from a markup page If (Not ClientScript.IsStartupScriptRegistered("doLogout")) Then Page.ClientScript.RegisterStartupScript _ (Me.GetType(), "history", "doLogout();", True) End If 'redirect user to a page of your choice Response.Redirect("default.aspx") End Sub End Class
Related posts:
Disable Back Button